An IAM user represents an entity, such as a person or an application, that interacts with AWS resources and services.
An IAM user consists of a name and credentials, and is created without any permissions by default. The root user can assign permissions to the IAM user.
It is advisable to create a separate IAM user for each individual.
IAM policies are documents that specify permissions to allow or deny access to AWS resources and services.
They enable customization of user access, allowing you to grant only the permissions that each user requires.
An example of an IAM policy is illustrated below.
